Skip to main content
CVE-2022-26301 CRITICAL POC Act Now

TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-26279 CRITICAL POC Act Now

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eyoucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26272 CRITICAL POC THREAT Act Now

A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
22.5%
CVE-2022-26249 CRITICAL POC Act Now

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Surveyking
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-27811 CRITICAL POC PATCH Act Now

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Ocrfeeder
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27083 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-27082 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27081 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27080 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27079 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27078 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27077 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27076 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26536 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26290 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26289 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26629 CRITICAL POC Act Now

An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Soroushplus
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-22374 CRITICAL Act Now

The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Power 9 Ac922 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy